Hello,
I do not recall whether someone has already mentioned it but regarding "
Guidance on how to write a KMS for an organization", NIST has published a set of documents which may provide helpful insights:
- The three-part NIST SP 800-57: Recommendations for Key Management
- NIST SP 800-130: Framework for Designing Cryptographic Key Management Systems
------------------------------
Thanos Vrachnos OffensiveOps | PKI & eID Subject-matter Expert
SPEARIT
------------------------------
Original Message:
Sent: Sep 08, 2022 04:59:30 AM
From: Marina Bregkou
Subject: Meeting Minutes 31st August 2022
Dear members,
Please find below the main topics and action items discussed in our last August WG call:
- Our working group co-chair Paul Rich is stepping down from his role:
Saying goodbye and farewell to one of the best co-chairs and subject matter expert of our working group, mr. Paul Rich.
Paul announced us that he won't be able to continue devoting his time as a co-chair of the working group. His new job has taken a turn away from key management as a core topic and he is leaving room for work to continue with fresh eyes and minds and priorities.Thank you Paul for your dedication, perseverance, and taking this working group so far ahead!!!! It has been a pleasure having you as our co-chair!
- Other possible topics for the working group's survey were discussed:
- Alex Sharp suggested to have a topic on Bring Your Own Encryption - specifically, a short paper on encrypting before SaaS. (Is it a requirement for compliance?)
- Financial Services was thrown on the table as another survey topic
- Iain Beveridge suggested to provide a comparison between the Hold Your Own Key and "BYOK"
- Alex Sharp added a second suggestion: Guidance on how to write a KMS for an organization.
- Paul Rich proposed to address things from the 'what is being accomplished' perspective. E.g. for Encryption before SaaS, privacy in the cloud is accomplished.
Action item:
- For the next WG paper, each submits 5 topics/subjects with a short abstract that justifies them.
Next working group call:
Wednesday 14th of September, 08:00 a.m.PST / 11:00 a.m. EST / 16:00 GMT / 17:00 CET / 18:00 EET
URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------